I had an idea... what about putting the domain in the configuration file and doing a "hard" redirect upon proper authentication? Would this be feasible? Doable in httpd?
On Fri, Aug 7, 2009 at 2:08 PM, Josh Gooding <josh.good...@gmail.com> wrote: > No, my understanding is login's weren't encrypted unless SSL was used. > > Scott, I'm not a sysadmin, but does win2k3 server have something like > iptables? That MIGHT be a little more helpful, I'll have to research it > more, however, I still need to figure out how to drop SSL after the login > screen. Let me do some more digging around the internet. > > The login password is encrypted with MD5 before checking the DB and stored > in the DB as an MD5 hash, so with that being said, is SSL even neccessary on > the login to the software? > > Thank you again for all the responses and advice. It is highly > appreciated. > > - Josh > > > On Fri, Aug 7, 2009 at 11:27 AM, Mike -- EMAIL IGNORED < > m_d_berger_1...@yahoo.com> wrote: > >> On Fri, 07 Aug 2009 08:40:55 -0400, Josh Gooding wrote: >> >> > Thanks for the reply Krist, >> > >> > Let me give you a little background on what I did (and still doing). I >> > created a video training software that is now internet based. Nothing >> > inside of the training needs to be across HTTPS, except the login page. >> > Client's said they would "like" to see it done. Which is were I am at >> > right now. I always thought that HTTPS is noticeably slower than >> > regular HTTP, which is why I would not want HTTPS on the entire site, >> > since video and graphics tend to be more bandwidth and CPU intensive. >> > >> > In essence I am trying to keep the lag to as little as possible and only >> > encrypt what needs to be encrypted. >> > >> > - Josh >> > >> [...] >> >> Please read my recent thread "excessive DNS slows httpd". >> The bottom line: I recently introduced SSL to part of my >> web site, and it slowed considerably. Using iptables >> (on a Linux system),I blocked all DNS, and speed of >> response is better than ever, 8 meg photo files >> notwithstanding. >> >> Additionally, I thought sign-in is encrypted even when >> SSL is not in use. Is this not true? >> >> Mike. >> >> >> --------------------------------------------------------------------- >> The official User-To-User support forum of the Apache HTTP Server Project. >> See <URL:http://httpd.apache.org/userslist.html> for more info. >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org >> " from the digest: users-digest-unsubscr...@httpd.apache.org >> For additional commands, e-mail: users-h...@httpd.apache.org >> >> >
